What you need to know
- 17 apps have been removed from the App Store.
- The iPhone apps were found to contain malware.
- The apps covered a wide range of categories.
Apple has confirmed that it has removed as many as 17 apps from the App Store after it was found that they contained malware. Those apps all went through the App Store review process with no issues identified at the time.
Instead, the apps were found by mobile security firm Wandera (via ZDNet). All of the apps functioned as they said they would but also had malware running in the background.
The clicker trojan module discovered in this group of applications is designed to carry out ad fraud-related tasks in the background, such as continuously opening web pages or clicking links without any user interaction.
The objective of most clicker trojans is to generate revenue for the attacker on a pay-per-click basis by inflating website traffic. They can also be used to drain the budget of a competitor by artificially inflating the balance owed to the ad network.
Even though no data or financial theft took place, users would have been impacted by the trojan. People with these apps installed might have noticed their iPhone battery draining more quickly than usual. Or it might simply have performed more slowly than expected.
Worryingly, Wandera says that the apps didn't contain the maliscious code but rather received it via a request to a web server. That means there was no way for Apple's App Store review process to spot the malware until the apps were already available. That, in theory, means this could happen again.
The apps communicate with a known command and control (C&C) server to simulate user interactions in order to fraudulently collect ad revenue...
Command & Control enables bad apps to bypass security checks because it activates a communication channel directly with the attacker that is not within Apple's view. C&C channels can be used to distribute ads (like the ones used by the iOS Clicker Trojan), commands, and even payloads (such as a corrupt image file, a document or more). Simply put, C&C infrastructure is a 'backdoor' into the app which can lead to exploitation if and when a vulnerability is discovered or when the attacker chooses to activate additional code that may be hidden in the original app.
All of the affected apps were from AppAspect Technologies. Those apps were:
- RTO Vehicle Information
- EMI Calculator & Loan Planner
- File Manager – Documents
- Smart GPS Speedometer
- CrickOne – Live Cricket Scores
- Daily Fitness – Yoga Poses
- FM Radio – Internet Radio
- My Train Info – IRCTC & PNR (not listed under developer profile)
- Around Me Place Finder
- Easy Contacts Backup Manager
- Ramadan Times 2019
- Restaurant Finder – Find Food
- BMI Calculator – BMR Calc
- Dual Accounts
- Video Editor – Mute Video
- Islamic World – Qibla
- Smart Video Compressor
If you have any of those installed we'd suggest removing them ASAP.
Review: Smartmi's P1 Air Purifier offers HomeKit control at a great price
With an affordable price, convenient and customized controls, and a clean modern design, the Smartmi P1 Air Purifier is one of the best HomeKit air purifiers that you can buy today.
Digitimes: AirPods 3 production moved to China because of COVID surge
A new Digitimes report claims that the assembly of Apple's next generation of AirPods has been moved to China because of a surge in COVID-19 cases in Vietnam which is affecting suppliers.
Here's how Pokémon Unite stacks up against other MOBAs
Pokémon Unite has recently made its way to Nintendo Switch. Here's how this spinoff stacks up against other MOBAs.
Click, clack, and thock away with the best mechanical keyboards for Mac!
While there are many who enjoy how the Apple Magic Keyboard feels, others prefer something more tactile and even louder. Thankfully mechanical keyboards are still around. Here are some of our favorites.